plugins/ssh-keys/functions

#!/usr/bin/env bash
set -eo pipefail
[[ $DOKKU_TRACE ]] && set -x
source "$PLUGIN_CORE_AVAILABLE_PATH/common/functions"

verify_ssh_key_file() {
  declare desc="Test that public key is valid"
  [[ -s ${DOKKU_ROOT}/.ssh/authorized_keys ]] || dokku_log_fail "No public keys found."
  local key line=0
  local TMP_KEY_FILE
  TMP_KEY_FILE=$(mktemp "/tmp/dokku-${DOKKU_PID}-${FUNCNAME[0]}.XXXXXX")
  trap "rm -rf '$TMP_KEY_FILE' >/dev/null" RETURN INT TERM EXIT

  while read -r key; do
    line=$((line + 1))
    [[ -z "$key" ]] && continue
    echo "$key" >"$TMP_KEY_FILE"
    ssh-keygen -lf "$TMP_KEY_FILE" &>/dev/null || dokku_log_fail "${DOKKU_ROOT}/.ssh/authorized_keys line $line failed ssh-keygen check."
  done <"${DOKKU_ROOT}/.ssh/authorized_keys"
}

verify_ssh_key_exists() {
  declare desc="Test that public key exists"
  [[ -e ${DOKKU_ROOT}/.ssh/authorized_keys ]] || dokku_log_fail "No public keys found."
}

create_ssh_key_file() {
  declare desc="Ensure the public key file exists"
  touch "${DOKKU_ROOT}/.ssh/authorized_keys"
}
Add ssh-keys core plugin 2016-06-30 17:34:07 -07:00			`#!/usr/bin/env bash`
tests: run mvdan/shfmt on test runs While I do not agree with _every_ style change, this will force Dokku to have consistent formatting across all shell scripts, which is arguably a Good Thing™. The command used to reprocess everything is: ```shell shfmt -l -bn -ci -i 2 -w . ``` 2019-01-07 01:04:17 -05:00			`set -eo pipefail`
			`[[ $DOKKU_TRACE ]] && set -x`
Add ssh-keys core plugin 2016-06-30 17:34:07 -07:00			`source "$PLUGIN_CORE_AVAILABLE_PATH/common/functions"`

			`verify_ssh_key_file() {`
			`declare desc="Test that public key is valid"`
			`[[ -s ${DOKKU_ROOT}/.ssh/authorized_keys ]] \|\| dokku_log_fail "No public keys found."`
Patch GH #2446 "Adding a file with two ssh-key..." This is a proposed change for addressing GH #2446 "Adding a file with two ssh-keys can result in an error" (see https://github.com/dokku/dokku/issues/2446). The following checks are performed: - validity of key contents when read from a file - key contents only contains one single line/key - authorized_keys file is ultimately valid The last test is an extension over the previous implementation in that all lines in the file are checked. The commit also includes extensions to the relevant test file to excercise the new checks. It also takes care to save and then restore the authorized_keys file. 2016-10-15 23:55:43 +02:00			`local key line=0`
refactor: switch to temporary file for key verification 2019-04-22 16:52:53 -04:00			`local TMP_KEY_FILE`
fix: use 6 X to support running under busybox mktemp from busybox requires that all templates end with XXXXXX. 2019-08-12 18:16:16 -04:00			`TMP_KEY_FILE=$(mktemp "/tmp/dokku-${DOKKU_PID}-${FUNCNAME[0]}.XXXXXX")`
fix: reverse quotes for variable expansion Without reversing quotes, the variables are sometimes improperly expanded, resulting in files not being removed. 2019-05-20 17:56:50 -07:00			`trap "rm -rf '$TMP_KEY_FILE' >/dev/null" RETURN INT TERM EXIT`
refactor: switch to temporary file for key verification 2019-04-22 16:52:53 -04:00
SC2162: read without -r mangle backslashes 2017-03-26 04:59:10 -06:00			`while read -r key; do`
Patch GH #2446 "Adding a file with two ssh-key..." This is a proposed change for addressing GH #2446 "Adding a file with two ssh-keys can result in an error" (see https://github.com/dokku/dokku/issues/2446). The following checks are performed: - validity of key contents when read from a file - key contents only contains one single line/key - authorized_keys file is ultimately valid The last test is an extension over the previous implementation in that all lines in the file are checked. The commit also includes extensions to the relevant test file to excercise the new checks. It also takes care to save and then restore the authorized_keys file. 2016-10-15 23:55:43 +02:00			`line=$((line + 1))`
fix: handle case where there are empty newlines in the authorized_keys file Previously, an empty line would result in a failing ssh-keys:list call, or a failure to verify the file. Newlines should be ignored. 2019-07-05 10:00:52 -04:00			`[[ -z "$key" ]] && continue`
refactor: switch to temporary file for key verification 2019-04-22 16:52:53 -04:00			`echo "$key" >"$TMP_KEY_FILE"`
			`ssh-keygen -lf "$TMP_KEY_FILE" &>/dev/null \|\| dokku_log_fail "${DOKKU_ROOT}/.ssh/authorized_keys line $line failed ssh-keygen check."`
Patch GH #2446 "Adding a file with two ssh-key..." This is a proposed change for addressing GH #2446 "Adding a file with two ssh-keys can result in an error" (see https://github.com/dokku/dokku/issues/2446). The following checks are performed: - validity of key contents when read from a file - key contents only contains one single line/key - authorized_keys file is ultimately valid The last test is an extension over the previous implementation in that all lines in the file are checked. The commit also includes extensions to the relevant test file to excercise the new checks. It also takes care to save and then restore the authorized_keys file. 2016-10-15 23:55:43 +02:00			`done <"${DOKKU_ROOT}/.ssh/authorized_keys"`
Add ssh-keys core plugin 2016-06-30 17:34:07 -07:00			`}`

			`verify_ssh_key_exists() {`
			`declare desc="Test that public key exists"`
			`[[ -e ${DOKKU_ROOT}/.ssh/authorized_keys ]] \|\| dokku_log_fail "No public keys found."`
			`}`
Create the user's `authorized_keys` file if it does not exist Closes #2469 2016-11-21 19:08:33 -07:00
			`create_ssh_key_file() {`
			`declare desc="Ensure the public key file exists"`
			`touch "${DOKKU_ROOT}/.ssh/authorized_keys"`
			`}`